Rapid7 Blog

Using Log Data Streams for Real-Time Analytics: Part 1


This 3-part series explores the definition and benefits of using log data streams and real-time analytics for some common IT Ops use cases. To download the complete article, click here.

Analytics tools are often focused on analyzing historical data. Taking a sample of data from historical events, you can perform calculations to determine what happened during that period of time and report on your findings. Monitoring tools are more often thought of in terms of real-time data, reporting raw metrics as they are recorded. Somewhere between these two types of tools sits Real-Time Analytics: the practice of performing constant monitoring and analysis in real time, delivering both raw metrics and up-to-the-second actionable insights.

The need for Real-Time Analytics has grown as IT infrastructures continue to evolve into more advanced systems, often distributed across thousands of instances that automatically scale up or down depending on the immediate need.

In Logentries’ latest article, Using Log Data Streams for Real-Time Analytics, we explore four real-world situations where Real-Time Analytics are necessary. As noted in the article, there are many common challenges that can occur when data is not real-time, such as when working with timestamps:

To further demonstrate the definition of real-time analytics, let’s start by comparing it to the more commonly known batch processing. While batch processing can still append new data to an existing set, it does so in batches rather than as a continuous stream. Batch processing comes with several disadvantages compared to real-time streaming. For example, if the data being processed doesn’t include timestamps, every event in a batch will be assigned the same timestamp (the date and time the batch process occurred).

Batch processing also makes it impossible to generate immediate alerts on events as they occur. How effective can a system alert be if you’ll still experience several minutes of downtime before even receiving the alert? Tools that are actually real-time can deliver information within seconds of an event occurring, alerting you to the warning signs leading up to an issue and improving your chances of identifying, diagnosing and resolving problems before they negatively impact end-users.
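The two effects described above, collapsed timestamps and delayed alerts, are easy to reproduce. The following is an added example, not code from the article or from Logentries: a constructed set of log lines that carry no timestamp of their own is ingested once in batch mode and once in streaming mode, and the functions measure how much timing information survives and how long an alert on the ERROR line would be delayed.

```python
from datetime import datetime, timedelta

# Constructed sample input (not from the article): log lines with no
# timestamp of their own. Each entry is (seconds after START when the line
# was emitted, line text); only the collector knows the true emission time.
START = datetime(2024, 1, 1, 12, 0, 0)
RAW_EVENTS = [
    (0, "INFO request served"),
    (5, "WARN queue depth 80%"),
    (12, "WARN queue depth 95%"),
    (20, "ERROR worker crashed"),
    (31, "INFO request served"),
]


def batch_ingest(events, batch_interval=60):
    """Batch mode: lines are collected and processed when the batch job runs.
    A line without its own timestamp receives the batch run time, so every
    event in the batch ends up stamped with the same value."""
    run_time = START + timedelta(seconds=batch_interval)
    return [(run_time, line) for _, line in events]


def stream_ingest(events):
    """Streaming mode: each line is stamped the moment it arrives."""
    return [(START + timedelta(seconds=t), line) for t, line in events]


def distinct_timestamps(records):
    """How much timing information survived ingestion."""
    return len({stamp for stamp, _ in records})


def alert_delay(records, events, pattern="ERROR"):
    """Seconds between the first matching event actually happening and the
    earliest moment an alert could fire (its recorded timestamp)."""
    for (stamp, line), (t, _) in zip(records, events):
        if pattern in line:
            return (stamp - (START + timedelta(seconds=t))).total_seconds()
    return None


def warn_before_error(records):
    """Can the warning signs be seen as preceding the error? With batch
    stamps all equal, the order of events is no longer recoverable."""
    warns = [s for s, l in records if l.startswith("WARN")]
    errors = [s for s, l in records if l.startswith("ERROR")]
    return bool(warns and errors) and max(warns) < min(errors)
```

Running `batch_ingest` versus `stream_ingest` on `RAW_EVENTS` gives one distinct timestamp and a 40-second alert delay for the batch, against five timestamps and no delay for the stream.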